Coinbase, a growing bitcoin wallet and exchange service headquartered in San Francisco, is the largest consumer bitcoin wallet in the world and the first regulated bitcoin exchange in the United States. Bitcoin is a form of digital currency that is created and stored electronically. The company, which supports 3 million global users, facilitates bitcoin transactions in 190 countries and exchanges between bitcoin and fiat currencies in 26 countries. In addition to its wallet and exchange services, Coinbase offers an API that developers and merchants can use to build applications and accept bitcoin payments.

Since its founding in 2012, Coinbase has quickly become the leader in bitcoin transactions. As it prepared to respond to ever-increasing customer demand for bitcoin transactions, the company knew it needed to invest in the right underlying technology. “We’re now in the phase of legitimizing this currency and bringing it to the masses,” says Rob Witoff, director at Coinbase. “As part of that, our core tenets are security, scalability, and availability.”

Security is the most important of those tenets, according to Witoff. “We control hundreds of millions of dollars of bitcoin for our customers, placing us among the largest reserves in our industry,” says Witoff. “Just as a traditional bank would heavily guard its customers’ assets inside a physical bank vault, we take the same or greater precautions with our servers.”

Scalability is also critical because Coinbase needs to be able to elastically scale its services globally without consuming precious engineering resources. “As a startup, we’re meticulous about where we invest our time,” says Witoff. “We want to focus on how our customers interact with our product and the services we’re offering. We don’t want to reinvent solutions to already-solved foundational infrastructure.” Coinbase also strives to give its developers more time to focus on innovation. “We have creative, envelope-pushing engineers who are driving our startup with innovative new services that balance a delightful experience with uncompromising security,” says Witoff. “That’s why we need to have our exchange on something we know will work.”

Additionally, Coinbase sought a better data analytics solution. “We generate massive amounts of data from the top to the bottom of our infrastructure that would traditionally be stored in a remote and dated warehouse. But we’ve increasingly focused on adopting new technologies without losing a reliable, trusted core,” says Witoff. “At the same time, we wanted the best possible real-time insight into how our services are running.”

To support its goals, Coinbase decided to deploy its new bitcoin exchange in the cloud. “When I joined Coinbase in 2014, the company was bootstrapped by quite a few third-party hosting providers,” says Witoff. “But because we’re managing actual value and real assets on our machines, we needed to have complete control over our environment.”

Coinbase evaluated different cloud technology vendors in late 2014, but it was most confident in Amazon Web Services (AWS). In his previous role at NASA’s Jet Propulsion Laboratory, Witoff gained experience running secure and sensitive workloads on AWS. Based on this, Witoff says he “came to trust a properly designed AWS cloud.”

The company began designing the new Coinbase Exchange by using AWS Identity and Access Management (IAM), which securely controls access to AWS services. “Cloud computing provides an API for everything, including accidentally destroying the company,” says Witoff. “We think security and identity and access management done correctly can empower our engineers to focus on products within clear and trusted walls, and that’s why we implemented an auditable self-service security foundation with AWS IAM.” The exchange runs inside the Coinbase production environment on AWS, powered by a custom-built transactional data engine alongside Amazon Relational Database Service (Amazon RDS) instances and PostgreSQL databases. Amazon Elastic Compute Cloud (Amazon EC2) instances also power the exchange.

The organization provides reliable delivery of its wallet and exchange to global customers by distributing its applications natively across multiple AWS Availability Zones.

Coinbase created a streaming data insight pipeline in AWS, with real-time exchange analytics processed by an Amazon Kinesis managed big-data processing service. “All of our operations analytics are piped into Kinesis in real time and then sent to our analytics engine so engineers can search, query, and find trends from the data,” Witoff says. “We also take that data from Kinesis into a separate disaster recovery environment.” Coinbase also integrates the insight pipeline with AWS CloudTrail log files, which are sent to Amazon Simple Storage Service (Amazon S3) buckets, then to the AWS Lambda compute service, and on to Kinesis containers based on Docker images. This gives Coinbase complete, transparent, and indexed audit logs across its entire IT environment.

Every day, 1 TB of data—about 1 billion events—flows through that path. “Whenever our security groups or network access controls are modified, we see alerts in real time, so we get full insight into everything happening across the exchange,” says Witoff. For additional big-data insight, Coinbase uses Amazon Elastic MapReduce (Amazon EMR), a web service that uses the Hadoop open-source framework to process data, and Amazon Redshift, a managed petabyte-scale data warehouse. “We use Amazon EMR to crunch our growing databases into structured, actionable Redshift data that tells us how our company is performing and where to steer our ship next,” says Witoff.
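The alerting on security group and network ACL changes described above can be sketched as a filter over CloudTrail records. This is an added example, not Coinbase's code: the function name, the `_rec` helper and every sample value are constructed, and only the record field names and EC2 event names follow CloudTrail's format. It assumes the log file body has already been fetched from S3 and decompressed.

```python
import json

# EC2 API calls that modify security groups or network ACLs.
WATCHED = {
    "CreateSecurityGroup", "DeleteSecurityGroup",
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateNetworkAcl", "DeleteNetworkAcl", "CreateNetworkAclEntry",
    "DeleteNetworkAclEntry", "ReplaceNetworkAclEntry",
    "ReplaceNetworkAclAssociation",
}

def _rec(name, source="ec2.amazonaws.com", params=None, error=None):
    """Build one constructed CloudTrail record for the sample below."""
    rec = {"eventTime": "2015-02-01T12:00:00Z", "eventSource": source,
           "eventName": name, "sourceIPAddress": "198.51.100.7",
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample log file body; all values are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("AuthorizeSecurityGroupIngress", params={"groupId": "sg-0example"}),
    _rec("DescribeInstances"),
    _rec("ReplaceNetworkAclEntry", params={"networkAclId": "acl-0example"},
         error="Client.UnauthorizedOperation"),
    _rec("PutObject", source="s3.amazonaws.com"),
]})

def network_change_alerts(log_body):
    """Return one alert per security group or network ACL change attempt."""
    alerts = []
    for rec in json.loads(log_body).get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        if rec.get("eventName") not in WATCHED:
            continue
        params = rec.get("requestParameters") or {}  # field may be null
        alerts.append({
            "time": rec.get("eventTime"),
            "action": rec["eventName"],
            "target": params.get("groupId") or params.get("networkAclId")
                      or "unknown",
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "denied": "errorCode" in rec,  # the call was rejected by AWS
        })
    return alerts
```

Rejected calls are kept and flagged rather than dropped, since a denied attempt to change a network control is itself worth an alert.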

All of the company’s networks are designed, built, and maintained through AWS CloudFormation templates. “This gives us the luxury of version-controlling our network, and it allows for seamless, exact network duplication for on-demand development and staging environments,” says Witoff. Coinbase also uses Amazon Virtual Private Cloud (Amazon VPC) endpoints to optimize throughput to Amazon S3, and Amazon WorkSpaces to provision cloud-based desktops for global workers. “As we scale our services around the world, we also scale our team. We rely on Amazon WorkSpaces for on-demand access by our contractors to appropriate slices of our network,” Witoff says.

Coinbase launched the U.S. Coinbase Exchange on AWS in February 2015, and recently expanded to serve European users.

Coinbase is able to securely store its customers’ funds using AWS. “I consider Amazon’s cloud to be our own private cloud, and when we deploy something there, I trust that my staff and administrators are the only people who have access to those assets,” says Witoff. “Also, securely storing bitcoin remains a major focus area for us that has helped us gain the trust of consumers across the world. Rather than spending our resources replicating and securing a new data center with solved challenges, AWS has allowed us to hone in on one of our core competencies: securely storing private keys.”

Coinbase has also relied on AWS to quickly grow its customer base. “In three years, our bitcoin wallet base has grown from zero to more than 3 million. We’ve been able to drive that growth by providing a fast, global wallet service, which would not be possible without AWS,” says Witoff.

Additionally, the company has better visibility into its business with its insight pipeline. “Using Kinesis for our insight pipeline, we can provide analytical insights to our engineering team without forcing them to jump through complex hoops to traverse our information,” says Witoff. “They can use the pipeline to easily view all the metadata about how the Coinbase Exchange is performing.” And because Kinesis provides a one-to-many analytics delivery method, Coinbase can collect metrics in its primary database as well as through new, experimental data stores. “As a result, we can keep up to speed with the latest, greatest, most exciting tools in the data science and data analytics space without having to take undue risk on unproven technologies,” says Witoff.

As a startup company that built its bitcoin exchange in the cloud from day one, Coinbase has more agility than it would have had if it created the exchange internally. “By starting with the cloud at our core, we’ve been able to move fast where others dread,” says Witoff. “Evolving our network topology, scaling across the globe, and deploying new services are never more than a few actions away. This empowers us to spend more time thinking about what we want to do instead of what we’re able to do.” That agility is helping Coinbase meet the demands of fast business growth. “Our exchange is in hyper-growth mode, and we’re in the process of scaling it all across the world,” says Witoff. “For each new country we bring on board, we are able to scale geographically and at the touch of a button launch more machines to support more users.”

By using AWS, Coinbase can concentrate even more on innovation. “We trust AWS to manage the lowest layers of our stack, which helps me sleep at night,” says Witoff. “And as we go higher up into that stack—for example, with our insight pipeline—we are able to reach new heights as a business, so we can focus on innovating for the future of finance.”